any opinions on Mandiant RC or ZA ForceField?

hi,
was wondering if anyone was using Mandiant Red Curtain or the ZA ForceField
beta?


Mandiant app. only scans .exe type files....i wanted it to scan my Limewire downloads, but it wouldnt...

 

I am using the ZA ForceField beta and imo it's excellent. Sure it has some minor problems, like FP's on some sites, which will be hopefully fixed.

 

Red Curtain isn't your regular malware scanner. It's a research tool and it only rates executables based on a fixed criteria.

 

thanks for the replies...

on Mandiant RC, i thought viruses, malware etc could exist in a non-executable
file? this is not the case? i thought the regular AVG, ST, SAS types scanned
all files on the HDD by default...

 

Yes, there are macro (Word/Excel/Powerpoint) viruses and script (scripting languages) viruses.

 

thats not as bad as i thought then...i figured malware could hide in just about any file, i was scanning everything...

does the actual file extension matter, like if its an .mp3 or .wma, could it still harbor a virus/malware that would be released
on opening the file?

 

You can hide anything in everything (steganography). But, an .exe hidden in a .mp3 file won't do any harm. On the other hand, data filetypes might have vulnerabilities (buffer overflows for instance) which can be used to execute shellcode